Malicious PDF — malware analysis report

Heuristics 4

• ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
• External URI info PDF_URI
  PDF contains an external URL action
• Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
• Embedded URL info EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://lozipotod.ru/award?keyword=les+choristes+sheet+music+pdf

  • http://jerimujolegem.medianewsonline.com/adapter_class_in_java.pdf
  • http://nusowutevu.getenjoyment.net/classification_of_carbohydrates_download.pdf
  • http://jusojixanona.getenjoyment.net/69639192632.pdf
  • http://vevebopawo.mywebcommunity.org/7044018864.pdf
  • http://www.ascendercorp.com/
  • http://www.ascendercorp.com/typedesigners.html
  • http://www.daltonmaag.com/
  • https://s3.amazonaws.com/kakekojezutok/99802742756.pdf
  • https://393102e6-89af-4738-8cad-89662dba8dc5.filesusr.com/ugd/33a16d_656c9748403f4cdea46fe30ca6b92c4d.pdf?index=true
  • http://menerolefu.rf.gd/fb_video_er_for_pc_windows_7.pdf
  • https://uploads.strikinglycdn.com/files/4ee6c895-a479-4da5-8aa4-efa65640fb77/easy_piano_songs_sheet_music_free.pdf
  • https://s3.amazonaws.com/zijivevip/autocad_2016_free_download_with_crack_64_bit.pdf
  • http://gomitobovuni.rf.gd/bobesi.pdf
  • http://paradubufaxeju.rf.gd/18013315218.pdf
  • https://s3.amazonaws.com/kiguteperilodu/fidiravifarizopuz.pdf
  • http://sokurunofizune.rf.gd/celestron_astromaster_114_battery.pdf
  • https://s3.amazonaws.com/xakapudakadu/pimefisenutezuji.pdf
  • https://uploads.strikinglycdn.com/files/b1d0145b-60c7-434c-aa71-e04b0b3ad6cc/zexogefimulemuzinuluzibon.pdf
  • https://s3.amazonaws.com/pidufozu/tratamiento_para_el_covid_19_mexico.pdf
  • https://8d275f60-8e36-4e70-8574-b6d542a617c4.filesusr.com/ugd/dbf6c2_eafa6b4ab83641bba0f913fbceb3b723.pdf?index=true
  • https://ba30dffa-51fe-4caa-9472-6f142403a9bb.filesusr.com/ugd/c2007e_bdf39577031b49f992b021501863474a.pdf?index=true
  • https://f7e05ffc-afae-4d19-be15-7e9c659e5e5f.filesusr.com/ugd/72f62b_056f569cd521485e94233dd2d4e0c27d.pdf?index=true
  • https://uploads.strikinglycdn.com/files/d19104da-74c4-46fd-a7e3-575b2d19785d/how_to_increase_brightness_in_casio_calculator_fx-991ex.pdf
  • https://47a25507-5c4f-4e73-9b7c-0c49514c8174.filesusr.com/ugd/e00bd3_fc70a22be0d24f37842ef0987cc2a974.pdf?index=true
  • http://www.w3.org/1999/02/22-rdf-syntax-ns#
  • http://purl.org/dc/elements/1.1/
  • http://ns.adobe.com/pdf/1.3/
  • http://ns.adobe.com/xap/1.0/
  • http://ns.adobe.com/xap/1.0/mm/
  • http://ns.adobe.com/xap/1.0/rights/
  • http://scripts.sil.org/OFL

Open this report in the interactive analyzer, or submit your own file for analysis.